Block outbound port 25 to prevent direct-out spammers


Last Modified: Oct 18, 2016, 3:11 pm

If you're not running a firewall, or are running one in its default state, it often won't block Users from sending on port 25 directly to remote mail servers. This bypasses Exim, which is undesirable because you'd have no way of tracking it.

Related change to our iptables script

We recommend that you block outbound port 25 for all Users, allowing only "mail" and "root".
"mail" is what Exim uses to deliver outbound messages, and "root" is left for manual testing/debugging.

If you're running CSF, set the following value:


while the block_ip iptables script will do this by default.

To manually test if this block is working, you'd see something like this:

[root@server ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@server ~]# su - admin
[admin@server ~]$ telnet 25
telnet: connect to address Connection refused
[admin@server ~]$ logout
[root@server ~]# id
uid=0(root) gid=0(root) groups=0(root)
[root@server ~]# telnet 25
Connected to
Escape character is '^]'.
220 ESMTP Exim 4.86.2 Fri, 08 Apr 2016 16:06:28 -0600
221 closing connection
Connection closed by foreign host.
[root@server ~]#

But if your "admin" account can still connect to a remote server on port 25, then the block isn't working yet.
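
The telnet test above checks one account; the rule set itself can also be audited for exceptions beyond "mail" and "root". This is an added example, not DirectAdmin's or CSF's own script. It assumes a flat OUTPUT chain with single-port rules as printed by `iptables -S OUTPUT` (owners appear as numeric uids); the function name and the sample rules are constructed.

```shell
#!/bin/sh
# Added example: audit `iptables -S OUTPUT` text (stdin) for the port 25 block.
# Returns 0 only if a catch-all DROP/REJECT for tcp dport 25 exists and every
# ACCEPT evaluated before it is tied to an allowed uid. Loopback rules are skipped.
# Live use (as root): iptables -S OUTPUT | audit_smtp_egress "0 $(id -u mail)"
audit_smtp_egress() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !/--dport 25( |$)/ || / -o lo / { next }   # only non-loopback port 25 rules
    {
        uid = ""; target = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--uid-owner") uid = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && uid == "") {
            print "FAIL: unrestricted ACCEPT ahead of the block: " $0; bad = 1; exit
        } else if (target == "ACCEPT" && !(uid in ok)) {
            print "FAIL: uid " uid " can send directly on port 25"; bad = 1; exit
        } else if ((target == "DROP" || target == "REJECT") && uid == "") {
            blocked = 1; exit                   # first match wins; later rules are moot
        }
    }
    END {
        if (bad) exit 1
        if (!blocked) { print "FAIL: no DROP/REJECT rule for tcp dport 25"; exit 1 }
        print "OK: direct port 25 out limited to uids: " allowed
    }'
}

# Constructed samples. uid 0 is root; uid 8 stands in for "mail" (assumption).
SAMPLE_GOOD='-P OUTPUT ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 8 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with tcp-reset'
# Same chain with one extra exception for a regular user (uid 1001).
SAMPLE_BAD='-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with tcp-reset'

printf '%s\n' "$SAMPLE_GOOD" | audit_smtp_egress "0 8"
printf '%s\n' "$SAMPLE_BAD"  | audit_smtp_egress "0 8" || true
```

A chain whose default policy is DROP, or a firewall that keeps its port 25 rules in a separate chain, needs that chain fed to the function instead.
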
